[ https://issues.apache.org/jira/browse/IMPALA-5774?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Henry Robinson resolved IMPALA-5774. ------------------------------------ Resolution: Fixed Fix Version/s: Impala 2.10.0 https://github.com/apache/incubator-impala/commit/5caadbbedd1917019937290e9427fd6f798f0cd8 > StringFunctions::FindInSet() may read one byte beyond a string's extent > ----------------------------------------------------------------------- > > Key: IMPALA-5774 > URL: https://issues.apache.org/jira/browse/IMPALA-5774 > Project: IMPALA > Issue Type: Bug > Components: Backend > Affects Versions: Impala 2.10.0 > Reporter: Henry Robinson > Assignee: Henry Robinson > Fix For: Impala 2.10.0 > > > The following may read {{str_set.ptr[str_set.len]}} if no ',' is found. > {code} > while(str_set.ptr[end] != ',' && end < str_set.len) ++end; > {code} > (This was discovered by poisoning mempool data from IMPALA-5666). -- This message was sent by Atlassian JIRA (v6.4.14#64029)